
Quarterly Industry HIPAA Survey Results – Spring 2001

from Phoenix Health Systems'
HIPAAdvisory.com and HIPAAlert

Nationwide, HIPAA Compliance Efforts Are Slow and Spotty, but Strengthening

It's happening. Slowly, perhaps reluctantly, the healthcare industry just might be making way for HIPAA. An increasing number of healthcare organizations apparently have begun to focus in earnest on HIPAA compliance, according to Phoenix Health Systems' latest quarterly HIPAA survey results. Approximately 3/4 of the 600+ survey participants reported that their organizations are actively engaged in enterprise HIPAA awareness efforts, 2/3 are addressing internal impact assessments, about half are working on HIPAA project planning, and roughly a third are making inroads on actual HIPAA implementation.

THE SURVEY

During the last two weeks of April 2001, Phoenix Health Systems conducted its fifth quarterly industry HIPAA compliance survey through its website HIPAAdvisory.com and HIPAAlert email newsletter. The 617 online respondents represented:

  • 113 hospitals with 400+ beds
  • 144 hospitals with fewer than 400 beds
  • 28 physician practices
  • 74 other providers
  • 82 payers
  • 10 clearinghouses
  • 58 vendors
  • 108 other (consultants, govt, assoc)

The majority of respondents, 77%, held official roles in HIPAA compliance within their organizations; about 50% were executives or department managers and another 25% were Compliance or Security officers for their organizations.

HIPAAWARENESS and the EFFECT OF THE PRIVACY RULE

Across the industry, overall awareness of HIPAA was reported consistently: about 70% of all senior managers were judged as having moderate to high knowledge of HIPAA and its implications. Fewer department heads -- just under 50% -- were reported to have moderate to high awareness. Respondents stated that 6% of all senior managers across the industry still have little or no knowledge of HIPAA.

Chart displaying Industry HIPAA Knowledge statistics discussed above.

When asked if the recent DHHS decision to put the Privacy Rule into effect affected urgency about HIPAA, 41% of hospital respondents and 36% of all respondents answered that their organizations' sense of urgency had increased "quite a lot" or "greatly." Only 6% of respondents believed that their organizations were unaffected by the news of the Privacy rule's effective date, and 14% indicated that their organizations' sense of urgency about HIPAA was already high before the news.

FOCUS OF HIPAA EFFORTS

As summarized earlier, the number of organizations focusing on the components of HIPAA compliance appears to have significantly increased since January. Among hospitals with over 400 beds, about 80% reported they were focusing on impact assessments, primarily in the areas of Transactions and Privacy, and 70% stated they were doing project planning.

Roughly 70% of respondents from hospitals with less than 400 beds reported they were working on impact assessments, with 56% asserting that they were engaged in project planning. However, actual implementation efforts are still to come for most hospitals; fewer than 30% of respondents from larger hospitals, and less than 25% from the smaller hospitals had begun implementation of any HIPAA provisions.

Approximately 30% of all providers expect to complete their internal assessments in the next 3 months, and another 43% will complete assessments within 6 months. In our January 2001 survey, we found that only 5% of hospital providers had completed assessments; as of mid-April, this had increased to 11%.

Payers and vendors continued to be ahead of providers in meeting compliance goals. About 75% of payers and 52% of vendors reported working on Transactions-related project planning; and 58% of payers and 62% of vendors stated they were engaged in Transactions implementation activities. About 58% of payers and 46% of vendors reported doing project planning work in Privacy; about 30% of payers and 55% of vendors stated they were implementing the Privacy provisions.

USE OF OUTSIDE EXPERTISE

Among hospitals with over 400 beds, 53% of respondents indicated they would engage outside consultants to support their HIPAA compliance endeavors; 47% of respondents from smaller hospitals reported similar plans. Most likely uses of consultants by hospitals were reported to be: first, compliance planning; second, risk assessment; and third, education management.

Payers are likely to be even stronger users of consultants; 72% of payer respondents reported the engagement of consultants, primarily for help in compliance planning and risk assessments.

PROVIDER BUDGETS

Only provider respondents were asked how much their organizations are budgeting for HIPAA compliance in 2001, and their responses varied considerably. Of the 113 participants from hospitals with over 400 beds, 21% did not know budget numbers. Among those knowing their budgets, 22% reported 2001 budgets of less than $100,000, 53% claimed budgets of between $100,000 and $500,000, 18% expect spending between $500,000 and $1 million, and 7% stated they would spend over $1 million.

HIPAA budgets for Hospitals with more than 400 beds (text above describes)

About 42% of respondents from hospitals with fewer than 400 beds did not know their organizations' 2001 budgets. Among those knowing their budgets, about 2/3 reported that their organizations' budgets were less than $100,000; 23% cited budgets between $100,000 and $500,000, 5% anticipated budgets between $500,000 and $1 million, and another 6% said their organizations planned to spend over $1 million.

HIPAA budgets for Hospitals with less than 400 beds (text above describes)

Among participants from other provider groups and physician practices, approximately 50% stated they didn't have budget numbers to cite, and most of the remaining respondents indicated they would spend under $100,000 in 2001 on HIPAA.

READINESS TO DO HIPAA-COMPLIANT BUSINESS

Of the 82 payer organization respondents, 24% indicated they would be ready to accept and transmit their first HIPAA compliant transactions within 6 months, 30% in 6 to 12 months, and 35% in 12 to 18 months. Just under 30% indicated that their organizations would be ready to transmit all HIPAA compliant transactions within a year or less, but 54% won't be ready for 12-18 months, and 18% said they wouldn't achieve this full capability until after the compliance deadline of October 2002.

Bar graph of Payer Readiness

Vendors reported more confidence in their progress towards HIPAA-related remediation of products. Over 60% reported that they have begun coordinating with their clients on HIPAA, and about 80% said they have made significant progress in complying with HIPAA requirements. About 30% either had already completed remediation or expected to do so within 6 months; 40% planned to be ready within 6 to 12 months, and about 15% expected it to take longer. Over 80% of vendors stated that they plan to offer HIPAA compliance assistance to their customers.

About 75% of participants from clearinghouses reported that their firms had begun coordinating on HIPAA remediation with their clients. About 40% expected that their compliance activities will require some new software development, and 50% anticipated making changes to their existing software. All clearinghouse respondents indicated that their firms would be ready to transmit all HIPAA compliant transactions within 12 to 18 months, before the Transactions compliance deadline.

PARTICIPANT COMMENTS MAY SAY IT ALL...

Each of Phoenix's quarterly HIPAA surveys invariably generates an array of commentary from participants. The Spring 2001 Survey has been no exception. Some of the more representative comments:


From Hospital respondents:

"Change comes slowly to healthcare."

"...Our top payers aren’t ready to work with us on implementation."

"HIPAA will be a long process but well worth the time forming complete confidentiality."

"It is difficult to be the only one in an organization that takes this seriously."

"We need more time"


From Other Provider respondents:

"Senior management is not planning to address this issue until Summer or Fall, 2001 in case things still change."

"I think the whole long-term care industry is behind the curve on HIPAA."


From Vendor respondents:

"How could any vendor be much more than 25% ready when the privacy regulation just went into enactment, security is not final, and none of the identifiers specs are out?"

"We are moving towards education of our sales and technical staff so there is no confusion about what we do, and what the customer is required to. We are not the entity that needs to be HIPAA compliant, the customer(s) must be HIPAA compliant."


From Clearinghouse respondents:

"For transactions/code sets, the impact and effort required is far greater than initial estimates."

"Our biggest holdup is receiving specifications from payers...."


From Payer respondents:

"Healthcare executives relied too much on a pro-business White House...(There is) a lot of denial in this industry..."

"Developing an awareness with our clients and our trading partners is an ongoing, but slow process."

"HIPAA is changing everything in our company...this is a tremendous job to get done in a short time."
